My professor was saying in class tonight about how expensive the FTK usb dongles were. I thought it sounded a little crazy and looked around Google and their site. I can't seem to find any place selling it, but did you could download the iso and driver for a dongle right off FTK's site. Seems to only be good with certain hardware, but I can't find much on setting one up? Any advice?
The licence attaches to the dongle. Without it FTK has limited functionality. There should be a list of the resellers on the AccessData site AFAIK. The newer versions of FTK need some pretty heavy hardware as it runs a database backend (SQL) and supports multi-user mode. It's not one of my favorites because of some issues with the version 1 shortcomings I encountered and the big "iron" requirements that came out in version 2.
Actually the backend is typically Oracle. I do not believe there is a SQL version at this time. And yes the hardware requirements are high, however FTK3 can handle so many more items than 1.X. We were crashing 1.X all the time and do not have nearly as many issues with FTK3.
To the OP I am confused by the title of this thread and how it relates to the cost of FTK. The title makes it sound like you need help running FTK from a USB. And you can run FTK Imager from a USB but not the full suite.
If you are trying to understand how to install FTK (no reason to do it without a license dongle), the two ISOs you burn step you through the process of installing Oracle, the License Manager and the program.
Actually the backend is typically Oracle. I do not believe there is a SQL version at this time…
I stand corrected.
To the OP I am confused by the title of this thread and how it relates to the cost of FTK. The title makes it sound like you need help running FTK from a USB. And you can run FTK Imager from a USB but not the full suite.
If you are trying to understand how to install FTK (no reason to do it without a license dongle), the two ISOs you burn step you through the process of installing Oracle, the License Manager and the program.
I did not know there was a difference between the imager and the full suite. My professor didn't really explain the difference. Just that they both were FTK. At the time I was wanting to put the whole suite on a flash drive, but I guess that is not possible. Thank you for the replies!
I did not know there was a difference between the imager and the full suite. My professor didn't really explain the difference. Just that they both were FTK. At the time I was wanting to put the whole suite on a flash drive, but I guess that is not possible. Thank you for the replies!
To me this is very unprofessional, and disrespectful. As a student details as important as the differences between FTK and FTK Imager need to be passed along or you may have an insert foot in mouth moment in the real world. I've found in my own education as well as through other peoples on forums, that teachers really just do a high level overview of forensics, toot their own horn, talk about skills they have, and then exepect the class to be the most highly saught after class on campus…
I did not know there was a difference between the imager and the full suite. My professor didn't really explain the difference. Just that they both were FTK. At the time I was wanting to put the whole suite on a flash drive, but I guess that is not possible. Thank you for the replies!
Correct = it is not possible to put the suite on USB, only the FTK Imager portion.
The difference is FTK Imager is
1) FREE
2) Only for a) Imaging drives
b) Viewing raw data on drives and in images (no real search capability)
c) Convert forensic images from one format to another (E01 to dd)FTK (full suite) has all forensic functionality including data carving, indexing, searching across all items in the image. The suite purchase also gives you Registry Viewer to view registry data.
FYI You can download FTK suite Version 1.85 and install it on your computer and run it without purchasing a dongle. It will be limited to allowing you to view only 5000 items, but the full functionality will be there for those items. Feel free to try it, it is relatively intuitive (for a forensic suite) to run. FTK v1.x does not require massive hardware. A Pentium 4 will run it, maybe not the fastest, but since you are limited to 5000 items, it will be fine.
Thank you! $1500.00 is very steep on a college kids budget. Thanks markg43!